Indian cos increase spending on info security

Indian companies in all verticals have increased their budget for securing their information up to 15 per cent and more, reveals India report of 2010 Global Security Survey done by Deloitte Touche Tohmatsu India.

“The survey included 62 top organizations of the country across all verticals. We found that except for three per cent companies of the total interviewed by us, who have reduced their budget on information security (IS), rest all have significant amount of increase in their budget. We see this as a step in the right direction,” said Sundeep Nehra, senior director, Deloitte Touche Tohmatsu India.

And, interestingly, these companies have increased their budgetary allocation for information security more than their global peers.

“Around 42 per cent of the company said that they have increased their budget by 1 to 5 per cent. In global arena we could see only 35 per cent companies in this bracket. To the higher side of budgetary allocation for security, we found that seven per cent of companies have increased their by budget by 15 per cent or more but globally we found only 6 per cent companies coming in to this bracket,” explained Nehra.

Most of the companies in India expressed that their budget spent is aligned to their business goals and information security initiatives. However, when cross-checked, Deloitte found that there is a big gap in their belief.

When it comes to security issues on third-party vendors to which Indian companies have outsourced their work, only three per cent of the total respondent expressed their extreme confidence. Rest of the respondents, despite having shaky trust on third-party vendors, do not have proper independent security attestation in place.

Only 8 per cent of the organizations in India engage an independent third party to assess third parties’ capabilities. This number stands closer to 11 per cent globally.

On the other hand, around 71 per cent Indian companies sign confidentiality or Non-Disclosure Agreements with their service providers and rely on them.

“We feel that there is lot of scope for improvement in this direction. They have most of the things in place but still need to put proper cross verification information in place to align their efforts for information security,” said Nehra.

Tracking the spent of budget for IS, Deloitte found that most of the Indian companies are spending their IS training and awareness program which is 50 per cent which is higher than companies in other part of the world by 20 per cent in percentage terms.

“We found that IS regulatory and legislative compliance is not in the priority list of Indian companies. Only 11 per cent of their budget goes to align IS with regulatory and legislative compliance where as in other parts of the world spent on this is 28 per cent,” said Nehra.

The other area where Indian companies spend higher than companies outside India are business continuity, disaster recovery, aligning IS initiative with those of business, security related to technology advancements, making IS operable, integrating technology and information risk, managing insider threats and IS talent management.

Nehra pointed out that though initiatives of Indian companies for IS is appreciable still there is large scope for improvement in utilizing vendors for disaster recovery facility, alternative space facility, offside storage, external hosting of applications and BCM software vendors.

“In all these field Indian companies have been lagging that companies outside India,” said Nehra.